This chapter focuses on how cyber-threats, defined as the malicious use of information and communication technologies either as a target or as a tool by a wide range of malevolent actors, were firmly established as a national security threat in the 1980s to produce a fairly restricted threat frame, mainly concerned with classified information and government networks. It shows how the issues of cyber-threats and critical infrastructures were interlinked, paying special attention to the role of the US military in the process, and how the issue was thus turned into a topic of society-threatening import. The chapter provides information on the threat frames established in the 1997 Presidential Commission on Critical Infrastructure Protection report, a clear culmination point in the critical infrastructure protection (CIP) history, and how the idea of 'distributed security' was solidified. It looks at threat frames in the most recent conceptualisation of CIP under the heading of homeland security.